Cyber Attack Recovery Times Cause Big Concerns

More than half (55%) of the 430 organizations surveyed by the SANS Institute are dissatisfied with the length of time it takes them to contain and recover from attacks, according to a new report from the provider of information security training and analysis.

The study, Dynamic Data Center and Cloud Security in the Modern Enterprise, queried security and risk professionals from the SANS community, all working in private and public sector organizations ranging in size from 100 to more than 15,000 employees.

"When it comes to limiting damage and preventing data breaches, time continues to be the biggest challenge for security and risk professionals," Dave Shackleford, an analyst at SANS Institute and author of the report, said in a statement.

"Most respondents said they use traditional tools to monitor traffic between data centers and internal or external clouds, and are unhappy with the level of visibility and containment speeds they get,” Shackleford said. “If our security stance is going to improve, we need better visibility, the ability to make configuration changes faster and to contain attacks more quickly."

Fifty-nine percent of organizations are able to contain attacks within 24 hours, leaving many open to prolonged and increased damages as attacks spread laterally through data centers and cloud environments, according to the survey.

The range of response times reported might be the result of the inability of some traditional security tools to help organizations detect and manage attack scenarios. According to the survey, between 75% and 96% of organizations are using traditional solutions in data centers, which include everything from firewalls to those tools that focus on detection and intrusion prevention.